Authenticated content discovery

ABSTRACT

Embodiments are disclosed herein that relate to facilitating the discovery of authenticated content from a variety of sources. One embodiment provides a method comprising receiving a plurality of authentication tokens from the media presentation device, where each of the plurality of authentication tokens represents an established authenticated relationship between a user and a corresponding content source. The method further comprises receiving a request from the media presentation device for an electronic programming guide and sending the electronic programming guide to the media presentation device, where the electronic programming guide comprises a listing of content from a plurality of content sources corresponding to the plurality of authentication tokens.

BACKGROUND

A consumer of media content may use a variety of media presentationdevices for content consumption, such as a desktop computer, laptopcomputer, mobile communication device, portable media player, and/ortelevision. Further, such a consumer may receive content from a varietyof sources, including but not limited to multichannel video programdistributors (MVPDs) such as cable providers, direct broadcastproviders, satellite television providers, as well as broadband videocontent providers that provide content over a computer network such asthe Internet.

In the case of MVPD-delivered content, the MVPD acts as a gatekeeperthat maintains relationships with content producers and controls useraccess to the content. In contrast, in the case of some computernetwork-accessed content such as broadband video content, a user mayutilize a network browser to freely search for content. Currently, usersmay discover content available from a MVPD via an electronic programmingguide (EPG) provided by the MVPD via a set top box or the like. Incontrast, users may discover content available from non-MVPD sources bya variety of other methods. For example, a user may be provided withdifferent software applications that each allows the user to discovercontent available from a provider associated with that application.Further, in some cases, a MVPD may establish relationships withInternet-accessed content so that the MVPD also acts as a gatekeeper forsuch broadband video content.

SUMMARY

Various embodiments are disclosed herein that relate to facilitating thediscovery of authenticated content from a variety of sources byproviding an electronic programming guide to a media presentationdevice. One disclosed embodiment provides a method comprising receivinga plurality of authentication tokens from the media presentation device,where each of the plurality of authentication tokens represents anestablished authenticated relationship between a user and acorresponding content source. The method further comprises receiving arequest from the media presentation device for an electronic programmingguide and sending the electronic programming guide to the mediapresentation device, where the electronic programming guide comprises alisting of content from a plurality of content sources corresponding tothe plurality of authentication tokens.

This Summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This Summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used to limit the scope of the claimed subject matter. Furthermore,the claimed subject matter is not limited to implementations that solveany or all disadvantages noted in any part of this disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows an example computer network media consumption environmentin accordance with an embodiment of the present disclosure.

FIG. 2 shows a flow diagram of an embodiment of a method of providing anelectronic programming guide to a media presentation device.

FIG. 3 schematically shows an example workflow diagram within thecomputer network media consumption environment embodiment of FIG. 1.

FIG. 4 schematically shows an example workflow diagram within anauthentication-authorization environment in accordance with anembodiment of the present disclosure.

DETAILED DESCRIPTION

As mentioned above, a consumer of media content may access media contentfrom a variety of different media presentation devices, some of whichmay not be connectable to a traditional set top box. As such, MVPDs suchas multiple system operators (MSOs), telecommunication operators(Telcos), etc. may wish to distribute content over the Internet, yethave consumers authenticate their right to that content. Thus, suchMVPDs may wish to adopt a particular authentication method that supportscontent distribution to a variety of media presentation devices such aspersonal computers, mobile communication devices, Internet-enabledtelevisions, etc. Such authentication methods also may allow forauthenticated content delivery from non-MVPD sources, such as broadbandvideo sources accessed via the Internet. Much of this content may be“long tail,” meaning that the content may appeal to a demographic whichmay be narrower than that of a typical broadcast lineup.

Due to the focused interest of such a broadcast, this narrowerdemographic may be desirable for targeting with contextual advertising.However, proliferation of such content may create complications withincontent discovery and advertisement provision, in particular on mediapresentation devices such as Internet-enabled televisions and mobilecommunication devices.

Therefore, embodiments are disclosed herein that relate to providing anelectronic programming guide to a media presentation device within acomputer network media consumption environment for such broadbandnetwork-delivered, authenticated content. Further, such a computernetwork media consumption environment may allow for targeted advertisingbased on a user's authenticated relationships with various contentsources.

FIG. 1 shows an example computer network media consumption environment100 including a plurality of media presentation devices 102 configuredto visually present content. As nonlimiting examples, media presentationdevices 102 may include televisions and other display devices; computingdevices such as desktop computers, laptop computers, notebook computers,notepad computers, etc.; mobile communication devices such as smartphones; portable media players; and other suitable devices. The contentconsumed by such media presentation devices 102 may be received from anysuitable source, such as content sources 104 accessible via a networksuch as network 106. Content sources 104 may represent any suitablecontent sources, including but not limited to a computer network contentsource 104 a (e.g., accessible by the Internet) and a broadcast contentsource 104 b (e.g., satellite or cable provider), for example. As such,media presentation devices 102 may consume traditional broadcast and/orcomputer network-delivered content.

As mentioned above, consumption of the content from content sources 104may be within an environment in which users are authenticated by a mediacontent source prior to accessing and consuming media content from thatsource. In such a case, a user 108 may register with one or more suchcontent sources 104 to receive authenticated content via mediapresentation devices 102. An example authentication-authorizationenvironment is described in more detail hereafter with reference to FIG.4.

When registering with a particular content source, the content sourcemay provide to the media presentation device an authentication token. Asan example, user 108 may register example media presentation device 102a with example content source 104 n and in response, receive anauthentication token from content source 104 n representing theauthenticated relationship. The term “authentication token” as usedherein signifies any representation that the user has an authenticatedrelationship with that content source. The authentication token maycontain any suitable information, including but not limited toinformation about media presentation device 102 a, user 108 of mediapresentation device 102 a, and/or content source 104 n from which theauthentication token was received. It should be appreciated that user108 may register additional media presentation devices 102 (e.g., mediapresentation device 102 b) with other content sources 104 (e.g., contentsource 104 b) and thereby receive additional authentication tokens. Itshould be further appreciated that in some embodiments, a contentdelivery source may be distinct from an authentication service. As anexample, an authentication token may correspond to a video club (A),which gives the user rights to videos from multiple sources (X, Y andZ). In such a case, trust relationships exist between A-X, A-Y, and A-Z.As such, the “authentication” in effect comes from X, Y or Z, but ismediated by A.

An a nonlimiting example of a possible use scenario, a user may registerwith an online account associated with an online sports magazine servicein order to view authenticated content associated with the sportsmagazine, such as player interviews, premium programming, playoff games,etc. As another example, a user may register with an online gamingservice to receive authenticated content from the gaming service, suchas games and related media content. As yet another example, a user mayregister with an online movie service to download and/or stream movies.It should be appreciated that these examples illustrate just a fewexamples of authenticated content sources, and are not intended to belimiting in any way.

Media presentation devices 102, such as example media presentationdevice 102 a, may each further include a logic subsystem 110, adata-holding subsystem 112, a display subsystem 114, and a communicationsubsystem 115. Media presentation device 102 a may optionally includeother components not shown in FIG. 1, such as user input devices (e.g.,keyboards, mice, game controllers, cameras, microphones, and/or touchscreens).

Logic subsystem 110 may include one or more physical devices configuredto execute one or more instructions. For example, the logic subsystemmay be configured to execute one or more instructions that are part ofone or more applications, services, programs, routines, libraries,objects, components, data structures, or other logical constructs. Suchinstructions may be implemented to perform a task, implement a datatype, transform the state of one or more devices, or otherwise arrive ata desired result.

The logic subsystem may include one or more processors that areconfigured to execute software instructions. Additionally oralternatively, the logic subsystem may include one or more hardware orfirmware logic machines configured to execute hardware or firmwareinstructions. Processors of the logic subsystem may be single core ormulticore, and the programs executed thereon may be configured forparallel or distributed processing. The logic subsystem may optionallyinclude individual components that are distributed throughout two ormore devices, which may be remotely located and/or configured forcoordinated processing. One or more aspects of the logic subsystem maybe virtualized and executed by remotely accessible networked computingdevices configured in a cloud computing configuration.

Data-holding subsystem 112 may include one or more physical devicesconfigured to hold data and/or instructions executable by logicsubsystem 110 to implement the herein described methods and processes.When such methods and processes are implemented, the state ofdata-holding subsystem 112 may be transformed (e.g., to hold differentdata).

Data-holding subsystem 112 may include removable media and/or built-indevices. For example, data-holding subsystem 112 may include opticalmemory devices (e.g., CD, DVD, HD-DVD, Blu-Ray Disc, etc.),semiconductor memory devices (e.g., RAM, EPROM, EEPROM, etc.) and/ormagnetic memory devices (e.g., hard disk drive, floppy disk drive, tapedrive, MRAM, etc.), among others. Data-holding subsystem 112 may includedevices with one or more of the following characteristics: volatile,nonvolatile, dynamic, static, read/write, read-only, random access,sequential access, location addressable, file addressable, and contentaddressable. In some embodiments, logic subsystem 110 and data-holdingsubsystem 112 may be integrated into one or more common devices, such asan application specific integrated circuit or a system on a chip.

FIG. 1 also shows an aspect of the data-holding subsystem in the form ofremovable computer-readable storage media 116, which may be used tostore and/or transfer data and/or instructions executable to implementthe herein described methods and processes. Removable computer-readablestorage media 116 may take the form of CDs, DVDs, HD-DVDs, Blu-RayDiscs, EEPROMs, flash memory drives, and/or floppy disks, among others.

Display subsystem 114 may be used to present a visual representation ofdata held by data-holding subsystem 112. As the herein described methodsand processes change the data held by the data-holding subsystem, andthus transform the state of the data-holding subsystem, the state ofdisplay subsystem 114 may likewise be transformed to visually representchanges in the underlying data. Display subsystem 114 may include one ormore display devices utilizing virtually any type of technology. Suchdisplay devices may be combined with logic subsystem 110 and/ordata-holding subsystem 112 in a shared enclosure, or such displaydevices may be peripheral display devices.

Communication subsystem 115 may be configured to communicatively couplewith one or more other computing devices, such as an EPG server 120.Communication subsystem 115 may include wired and/or wirelesscommunication devices compatible with one or more differentcommunication protocols. As nonlimiting examples, communicationsubsystem 115 may be configured for communication via a wirelesstelephone network, a wireless local area network, a wired local areanetwork, a wireless wide area network, a wired wide area network, and/orany other suitable network or combination of networks.

EPG server 120 is configured to provide an electronic programming guide(EPG) to media presentation devices 102. It should be appreciated thatdepicted EPG server 120 may represent one or more server devices incommunication with one another. As such, it will be understood thevarious services and features described herein as being performed by EPGserver may be implemented on two or more separate devices in someembodiments. The EPG provided shows a list of authenticated contentavailable to user 108 based on the user's stored digital credentials(e.g., authentication tokens). As such, the EPG allows user 108 toaccess, select, and discover authenticated content from variouspotentially unrelated sources via a common user interface. In someembodiments, the EPG may present a list of content available via both acomputer network (e.g., broadband video sources) and broadcast sources.Likewise, in some embodiments, such an EPG may be configured to updatecontinuously, upon user request, or at any other suitable time.

Providing such an EPG for authenticated content offers user 108 aconvenient method for discovering content that is similar to thefamiliar cable or satellite broadcast television content discovery andselection paradigm. In the traditional cable or satellite model, a useroperates within a “walled garden” of content wherein a carrier orservice provider controls applications, content, media platforms, etc.,and thus restricts access to non-approved content sources. However, theEPG provided by EPG server 120 allows user 108 to access to bothcomputer network and broadcast content. As such, the user 108 is notrestricted by a walled garden content consumption environment. Rather,user 108 may access via the EPG any authenticated content with whichthey are registered through EPG server 120. This is in contrast to theuse of separate applications to discover content available fromdifferent sources, which allows a user to see content available fromonly a single source.

EPG server 120 may be configured to provide the EPG in any suitablemanner. In some embodiments, EPG server 120 may include a federatedidentity service 122 configured to federate various items of informationabout a user to be used in providing the EPG to the user. For example,federated identity service 122 may federate information regarding one ormore media presentation devices, such as example media presentationdevices 102 a and 102 b, as well as authentication tokens received bythe user via registered devices when registering with any of the contentsources 104. In this way, federated identity service 122 may thenprovide media presentation device 102 a and/or 102 b with an EPG basedon the authentication tokens received from any of the user's mediapresentation devices 102 regardless of which of the media presentationdevices 102 was utilized when registering with the content sources. Itis to be appreciated that a “service”, as used herein, may be anapplication program executable across multiple user sessions andavailable to one or more system components, programs, and/or otherservices, and may run on a server responsive to a request from a client.

EPG server 120 may further include an EPG service 124. EPG service 124is configured to generate the EPG based on the authentication tokensreceived from media presentation devices 102. As an example, in someembodiments, EPG service 124 may compare the authentication tokens to acollection of authenticated content available from known content sourcesutilizing authentication, represented as content index 126 in FIGS. 1and 3, to determine the authenticated content with which user 108 ispermitted access. In this way, federated identity service 122 maycross-correlate user digital identities of the authentication tokens tocontent index 126 and generate a personalized EPG for user 108 based,for example, upon the cross-product of aggregated, federated identitiesand authenticated content.

In some embodiments, EPG server 120 may be further configured to performnetwork searching, via authenticated content search engine 128, todiscover additional content sources that utilize authentication. EPGserver 120 further may update content index 126 with such newlydiscovered content sources. Further, EPG server 120 may additionally oralternatively receive submissions of authenticated content directly fromcontent sources 104 (e.g., from developers).

EPG server 120 may further include a logic subsystem 130 and adata-holding subsystem 132. As described above with reference to examplemedia presentation device 102 a, logic subsystem 130 may be configuredto execute instructions, such as instructions stored on a data-holdingsubsystem 132 to perform the various tasks disclosed herein related tothe provision of EPGs and/or advertising content and/or services.

EPG server 120 may further include a communication subsystem 133configured to communicatively couple with one or more other computingdevices, such as media presentation devices 102. As described above withreference to media presentation device 102 a, communication subsystem133 may include wired and/or wireless communication devices compatiblewith one or more different communication protocols.

Continuing with FIG. 1, in addition to providing an EPG, EPG server 120may further provide advertising, via an ad service 134 a, based on theauthenticated content sources with which user 108 is registered. In someembodiments, this targeted advertising may be based on one or more ofthe authentication tokens associated with the user in the federatedidentity service 122, and/or on user-descriptive metadata (“identitymetadata”) aggregated via the authentication tokens. Suchuser-descriptive metadata may include, for example, demographic and/oraffinity data based upon the subject matter of broadband video channelswith which the user is authenticated. In other embodiments, EPG server120 may provide aggregative identity metadata to an external advertisingservice, such as ad service 134 b, for the provision of advertisingcontent.

FIG. 2 shows an embodiment of a method 200 of providing an EPG to amedia presentation device. At 202, the media presentation deviceestablishes authenticated relationships with one or more contentsources, including but not limited to broadcast sources and/or broadbandsources or other computer network-available sources. In response toestablishing each authenticated relationship, the media presentationdevice receives an authentication token, as indicated at 204,representing an established authenticated relationship between the userand the corresponding content source.

At 206, the media presentation device sends the authentication tokens toa federated identity service associated with an EPG server. Accordingly,at 208, the EPG server receives the authentication tokens from the mediapresentation device.

At 210, the media presentation device sends a request to the EPG serverfor an EPG. Accordingly, at 212, the EPG server receives the requestfrom the media presentation device for the EPG, and at 214, the EPGserver generates the EPG via the authentication tokens. For example, theEPG server may compare the authentication tokens to an authenticatedcontent index or other suitable collection of known content sourcesutilizing authentication in order to determine the authenticated contentsources with which the user is registered. Upon determining suchcontent, the EPG server may then generate an EPG comprising a list ofcontent available from the authenticated sources. At 216, the EPG serversends the EPG to the media presentation device, and at 218 the mediapresentation device receives the EPG.

In some embodiments, the media presentation device may provideadditional authentication tokens to the EPG server as the user registerswith additional authenticated content sources. In such a case, uponreceiving the additional authentication tokens from the mediapresentation device, the EPG server may send an updated EPG to the mediapresentation device, either automatically upon receipt of the additionalauthentication tokens, or upon receiving a request from the mediapresentation device for an updated EPG. It will be understood that suchan updated EPG includes listings of content from additional contentsources corresponding to the additional authentication tokens.

The media presentation device may be just one of several mediapresentation devices associated with the user. As such, method 200 mayfurther include the EPG server receiving additional requests from othermedia presentation devices associated with the user. These additionalmedia presentation devices may also be registered with the federatedidentity service. As such, upon receiving a request for an EPG from oneof such devices, method 200 may include the EPG server sending the EPGto that device.

Continuing with FIG. 2, in some embodiments, the EPG server may befurther configured to provide advertising content to the mediapresentation device. In such embodiments, method 200 proceeds to 220,wherein the EPG server aggregates identity metadata associated with theuser based on the authentication tokens. For example, metadata may bedetermined based upon an identity of the authenticated content sourcesrepresented by the authentication tokens. In the case of broadband videocontent sources, such sources may have a sufficiently narrow focus thathighly descriptive metadata may be determined from the identity of theauthenticated content source.

At 222, the EPG server provides the aggregated identity metadata to anadvertising service. Such an advertising service may be associated theEPG server itself, or alternatively, may be a third-party advertisingservice. At 224, the EPG server receives advertising content from theadvertising service, wherein the advertising content is selected basedon the aggregated identity metadata. At 226, the EPG server provides theadvertising content to the media presentation device, and, at 228, themedia presentation receives the advertising content. It will beunderstood that the advertising content also may be provided directly bythe advertising service.

Turning now to FIG. 3, FIG. 3 schematically shows an example workflowdiagram 300 illustrating an embodiment of a method for providing an EPGto media presentation devices 102 within computer network mediaconsumption environment 100 of FIG. 1. As shown at 302, one or moremedia presentation devices 102 may register with one or more contentsources 104, and in response, receive an authentication token for eachauthenticated relationship with a content source. Such communication mayoccur over a network 106, such as the Internet or any other suitablenetwork.

Continuing, a media presentation device, such as example mediapresentation device 102 a, may register with federated identity service122, and may then pass the authentication tokens stored on mediapresentation device 102 a to federated identity service 122, as shown at304. Other media presentation devices 102 associated with user 108 alsomay register with federated identity service 122 and pass theirauthentication tokens to federated identity service 122. Federatedidentity service 122 may then federate all authentication tokensassociated with user 108.

Upon receiving the authentication tokens, federated identity service 122may pass the authentication tokens to EPG service 124, as illustrated at306. EPG service 124 may then cross-correlate the authentication tokenswith a listing of content at content index 126, as shown at 308, so asto determine with which content sources 104 the user is authenticated.

In some cases, as shown at 310, content index 126 may storeauthenticated content located via an authenticated content search engine128 configured to crawl for authenticated content of content sources104, as shown at 312. Further, in some embodiments, a developer 314 maybe able to submit content directly to content index 126, as shown at316.

Upon determining the authenticated content sources associated with user108, EPG service 124 then produces an EPG that lists content availablefrom the authenticated content sources associated with user 108, andprovides federated identity service 122 with the EPG, as shown at 318.At 320, federated identity service 122 provides the EPG to mediapresentation device 102 a. Upon receiving the EPG, media presentationdevice 102 a may select content from the EPG for consumption. Suchcontent then may be received via normal distribution channels. Forexample, broadband video content selected from the EPG may be receiveddirectly over a network, rather than through EPG server 102.

FIG. 4 schematically shows an example workflow diagram 400 depicting anembodiment of a method of establishing an authenticated relationship andreceiving protected content within an authentication-authorizationenvironment. As an example, media presentation devices 102 of FIG. 1 mayutilize such an environment to register with content sources 104 so asto form authenticated relationships.

At 402, a media presentation device, such as example media presentationdevice 102 a, registers and authenticates, via a media presentationdevice authentication service 404 (which may be first- or third-party),with a security token service 406 of an enterprise identity provider408. At 410, an authentication token 412 a is transmitted to mediapresentation device 102 a. As a non-limiting example, the authenticationtoken 412 a may be a Security Assertion Markup Language (SAML) token.Authentication token 412 a may then be stored at media presentationdevice 102 a. It should be appreciated that other media presentationdevices 102 associated with user 108 may also authenticate with securitytoken service 406 and receive authentication tokens 412.

At 414, content from one or more content sources 104 is discovered, anduser 108 selects protected content for consumption. Then, the mediapresentation device 102 a attempts to access the protected content via acontent delivery service 418, as shown at 416. The request to access thecontent may comprise the authentication token 412 a, as well as anyother suitable information.

Content delivery service 418 redirects the request, including theclient-stored authentication token 412 a, to an authorization server 420with which content delivery service 418 has a trust relationship, asshown at 422. Authorization server 420 may also have a trustrelationship with enterprise identity provider 408. Authorization server420 then authenticates user 108 using authentication token 412 a, andgenerates a user-authenticated verification code. At 424, theverification code is returned to media presentation device 102 a.

The request for the content may then be redirected back to contentdelivery service 418, as shown at 426. The redirected request mayinclude authentication token 412 a and the verification code generatedby authorization server 420. Content delivery service 418 receives therequest and parses authentication token 412 a and the verification codeto verify authorization. Upon doing so, content delivery service 418then transmits a license to media presentation device 102 a, as shown at428. Such a license may include, for example, a domain-bound digitalrights management (DRM) license, wherein the license is boundcryptographically to a domain of a collection of media presentationdevices, rather than to a specific media presentation device. Uponreceiving the license at 428, media presentation device 102 a thenextracts a decryption key for streaming and/or download, and commencesauthorized playback of the protected content.

As a more specific example use scenario of such anauthentication-authorization environment in conjunction with theherein-described computer network media consumption environment 100, auser may purchase a new media presentation device, such as a television.Once installed and Internet-enabled, the television may utilizediscovery standards to discover federated identity service(s) already inuse by the user. However, in other embodiments and/or if no federatedidentity services are found, the television may provide a list and/or aprompt for the user to select a popular federated identity service. Asan example, the MSO or Telco used for Internet access may provide such aservice. The user may then select any suitable federated identityservice. As an example, the user may select a federated identity servicerecognized as being associated with a favorable consumer experience.

The federated identity service may discover existing credentials in thehome of the user (e.g., authentication tokens on one or more mediapresentation devices associated with the user). However, if no suchcredentials can be found, then in some embodiments, the user may enterthese credentials in any suitable manner, such as via a login andpassword, subscriber identity module (SIM) card from a mobilecommunication device, etc.

Using authentication methods, (e.g., Security Assertion Markup Language(SAML), OAuth 2.0, etc.) the credentials may be shared with an EPG webservice associated with the federated identity service. This web servicemay compare the credentials of the user with a database of knownauthenticated content sources of Internet content. The web service thencreates an EPG and provides this EPG to the user's television. Further,all devices owned by the user which are registered with the federatedidentity service may receive such an EPG.

In some cases, an authenticated content web crawler may continuouslycollect authentication content from the Internet and maintain suchinformation in a database used by the EPG web service. Further, somesources of authenticated content may be optionally preloaded and managedin the database.

Further, where the federated identity service collects and aggregatesidentity metadata, an advertising provider may use this metadata toassociate advertising content with authenticated content in a waypersonalized to the user.

It is to be understood that the configurations and/or approachesdescribed herein are exemplary in nature, and that these specificembodiments or examples are not to be considered in a limiting sense,because numerous variations are possible. The specific routines ormethods described herein may represent one or more of any number ofprocessing strategies. As such, various acts illustrated may beperformed in the sequence illustrated, in other sequences, in parallel,or in some cases omitted. Likewise, the order of the above-describedprocesses may be changed.

The subject matter of the present disclosure includes all novel andnonobvious combinations and subcombinations of the various processes,systems and configurations, and other features, functions, acts, and/orproperties disclosed herein, as well as any and all equivalents thereof.

1. A method of providing an electronic programming guide to a mediapresentation device, the method comprising: receiving a plurality ofauthentication tokens from the media presentation device, each of theplurality of authentication tokens representing an establishedauthenticated relationship between a user and a corresponding contentsource; receiving a request from the media presentation device for anelectronic programming guide; and sending the electronic programmingguide to the media presentation device, the electronic programming guidecomprising a listing of content from a plurality of content sourcescorresponding to the plurality of authentication tokens.
 2. The methodof claim 1, wherein the media presentation device is a first mediapresentation device, and further comprising receiving from a secondmedia presentation device associated with the user a request for anelectronic programming guide, and sending the electronic programmingguide to the second media presentation device associated with the user.3. The method of claim 2, wherein the first media presentation deviceand the second media presentation device are registered with a federatedidentity service.
 4. The method of claim 1, further comprising receivingan additional authentication token from the media presentation deviceand sending an updated electronic programming guide to the mediapresentation device, the updated programming guide comprising a listingof content from an additional content source corresponding to theadditional authentication token.
 5. The method of claim 1, furthercomprising updating the electronic programming guide continuously. 6.The method of claim 1, further comprising generating the electronicprogramming guide based on the plurality of authentication tokens. 7.The method of claim 6, wherein generating the electronic programmingguide comprises comparing the plurality of authentication tokens to acollection of known content sources utilizing authentication.
 8. Themethod of claim 7, further comprising performing network searching forcontent sources utilizing authentication and updating the collection ofknown content sources utilizing authentication with newly discoveredcontent sources utilizing authentication.
 9. The method of claim 1,further comprising aggregating identity metadata associated with theuser based on the plurality of authentication tokens to form aggregatedidentity metadata, and providing the aggregated identity metadata to anadvertising service.
 10. The method of claim 1, wherein the plurality ofcontent sources includes a computer network content source and abroadcast content source.
 11. The method of claim 10, wherein one ormore of the plurality of content sources are provided by a multichannelvideo program distributor (MVPD).
 12. The method of claim 10, whereinone or more of the plurality of content sources are Internet-accessible.13. A method of providing advertising content in a computer networkmedia consumption environment, the method comprising: receiving aplurality of authentication tokens from one or more media presentationdevices associated with a user, each of the plurality of authenticationtokens representing an established authenticated relationship betweenthe user and a content source; and providing advertising content to oneor more of the media presentation devices associated with the user basedupon the authentication tokens.
 14. The method of claim 13, furthercomprising aggregating identity metadata associated with the user basedon the plurality of authentication tokens to form aggregated identitymetadata, and wherein the advertising content is selected based on theaggregated identity metadata.
 15. The method of claim 13, furthercomprising performing network searching for content sources utilizingauthentication and maintaining a collection of the content sourcesutilizing authentication.
 16. The method of claim 13, further comprisingsending an electronic programming guide to the media presentationdevice, the electronic programming guide comprising a listing of contentfrom a plurality of content sources corresponding to the plurality ofauthentication tokens.
 17. A media presentation device, comprising: adisplay; a logic subsystem configured to execute instructions; and adata-holding subsystem holding instructing executable by the logicsubsystem to: establish authenticated relationships with a plurality ofcontent sources; in response, receive for each authenticatedrelationship an authentication token representing the authenticatedrelationship, thereby receiving a plurality of authentication tokens;send the plurality of authentication tokens to a federated identityservice; send a request to the federated identity service for anelectronic programming guide; and receive the electronic programmingguide from the federated identity service, the electronic programmingguide comprising a listing of content from the content sourcescorresponding to the authentication tokens.
 18. The method of claim 17,further comprising registering the media presentation device with thefederated identity service.
 19. The method of claim 17, wherein theauthentication token provides information about one or more of the mediapresentation device, a user of the media presentation device, and thecontent source from which the authentication token was received.
 20. Themethod of claim 17, further comprising receiving advertising contentbased on one or more of the plurality of authentication tokens.